1. Field of the Invention
This invention relates to the transfer of information between parties; in particular, it relates to systems, methods, and devices for trusted transactions.
2. Description of the Related Art
Transactions are increasingly characterized by the amount and quality of information available to market participants. Whereas a seller seeks profit driven arrangements, which may vary over the course of a relationship with a particular buyer or consumer; buyers seek satisfaction of at least one of the following: price, selection or service. At any time the buyer or seeker of value-added information may lack recognition of the seller or provider of such information, even if coupled with a “manufactured” product or good. Sellers, or providers, similarly lack any information about individual buyers, buying groups or agents, and may only have information regarding potentially profitable transaction events defined by at least one of the following: existing market for goods or services, targeted projected market for new goods or services, or those consumers or buyers who currently engage in transactions with the provider. Transactions are the result of customer profiling, a form of recognizable pattern analysis for commerce.
Transactions conducted electronically, often in an online environment taking advantage of networks, such as the Internet and/or World Wide Web (“WWW”), form an increasingly-important subset of transactions. Most obviously, retail sales transactions in which individual customers purchase goods or services from a central web server using a WWW connection have become a prominent form of electronic transactions, though such transactions are by no means the only or even necessarily the predominant category of electronic transactions.
Electronic transactions pose special challenges for transaction parties. Some of these challenges relate to the difficulty of providing to a prospective acquirer (e.g., a purchaser) of goods or services full, accurate, and verifiable information regarding the nature, value, authenticity, and other suitability-related characteristics of the product in question. This is true in part, for instance, because the customer cannot necessarily handle, sample, or evaluate at first hand the goods or services in question in an online transaction to the same extent to which he could evaluate them in an in-person transaction. It may also be true because of the fear of counterfeit, defective, or otherwise unsuitable products that may be viewed as more easily “passed off” (assuming a certain non-zero incidence of deceit and/or inadequate suitability verification among suppliers of products) in an electronic transaction than in an in-person transaction.
Further challenges in online transactions revolve around the serious concerns regarding security of such transactions. Such security-related concerns arise from the inherently-vulnerable nature of distributed public networks such as the internet, in which transaction parties cannot necessarily determine the path by which data travelling to and from them will take. Nor is it always possible to determine the identity of another transaction party, or to ensure that such other transaction party will take adequate precautions with sensitive data (for instance, data related to the identity or financial details (e.g., credit card number) of the first transaction party) transmitted during the course of proposing, evaluating, negotiating, executing, or fulfilling a transaction. Thus, concerns are raised about interception, inadequate safeguarding, or other unauthorized or inappropriate use of data generated or transmitted between transaction parties. Such concerns have raised the perceived need for security technologies adaptable for online transactions. Generically, these technologies have included encryption, scrambling, digital watermarking, and like methods of protecting transaction-related data.
Two conventional techniques for providing confidentiality and/or authentication currently in use involve reciprocal and non-reciprocal encrypting. Both systems use non-secret algorithms to provide encryption and decryption, and keys that are used by the algorithm.
In reciprocal algorithm systems, such as DES, the same key and algorithm is used to encrypt and decrypt a message. To assure confidentiality and authenticity, the key is preferably known only to the sending and receiving computers, and were traditionally provided to the systems by “secure” communication, such as courier.
In non-reciprocal systems, such as those described in U.S. Pat. No. 4,218,582, a first party to a communication generates a numerical sequence and uses that sequence to generate non-reciprocal and different encrypting and decrypting keys. The encrypting key is then transferred to a second party in a non-secure communication. The second party uses the encrypting key (called a public key because it is no longer secure) to encrypt a message that can only be de-crypted by the decrypting key retained by the first party. The key generation algorithm is arranged such that the decrypting key cannot be derived from the public encrypting key. Similar methods are known for using non-reciprocal keys for authentication of a transmission. In the present invention, the non-secure “public” key is used to a message that has been encrypted using a secure “private” key known only to the originating party. In this method the receiving party has assurance that the origination of the message is the party who has supplied the “public” decrypting key.